
Blocking Email Attacks

Hello,

We need a way to "effectively" block the Internet Attacks to the email system from things like "YLMF-PC" and other well known Internet Threats. We are currently seeing huge numbers of garbage emails tying up the processing power of the firewalls with these unnecessary email senders. I've managed to put in the IP each time they rotate it. But, if you look out there for more information you will see that we need to be able to stop these well known spammers/attackers from taking down the system.

Please ask them to add a feature we can use to block improper senders from tying up the email processing. 

We are seeing twice the rate of junk pounding the newly installed firewalls because the protections we had put in on the previous models aren't there.

Thanks, Mark

I wanted to add some of the stream from last night to give you an idea what we are dealing with:

INF   Nov 23 22:39:51 [0x2005a037]: Request: 'QUIT'
INF   Nov 23 22:39:51 [0x2005a037]: Response: 221 mail.h******l.com closing connection
INF   Nov 23 22:39:51 [0xc003852c]: RBL result: host 3.14.80.13.bl.spamcop.net seems clean
MSG   Nov 23 22:39:51 [0xc003852c]: [0xc003852c](maryc@h******l.com)SF Policy Action: QUARANTINE
INF   Nov 23 22:39:51 [0xc003852c]: [0xc003852c0] Quarantine Email
MSG   Nov 23 22:39:52 [0xb0000431]: Connection failed to '202.179.0.87:25'
MSG   Nov 23 22:39:52 [0xb0000431]: All MX servers failed, fallback to DNS
INF   Nov 23 22:39:52 [T___WORKER]: Relate with Firewall rule id: 2 mtuple flags: 2
MSG   Nov 23 22:39:52 [0xb0000431]: Mail Transaction Started from 127.0.0.1:6400 to 202.179.0.188:25 (fdid:438)
MSG   Nov 23 22:39:52 [0xb0000431]: Connecting to server ...
MSG   Nov 23 22:39:52 [T_ACCEPTOR]: Firewall Info: [client fd: 440 fwid: 2 connid: -748309632 uid: 0 gid: 0 sport: 42183 ]
MSG   Nov 23 22:39:52 [0x2005a039]: New SMTP Session Initialized 38.132.124.165:51108 ==> 0.0.0.0:25
INF   Nov 23 22:39:52 [0x2005a039]: init_cache_node: mail transaction started with UID=0xc003852e
INF   Nov 23 22:39:52 [0xc003852e]: Response: 220 mail.h******l.com ESMTP ready
INF   Nov 23 22:39:52 [0xc003852e]: Request: 'EHLO ylmf-pc'
INF   Nov 23 22:39:52 [0xc003852e]: Response: 250-mail.h******l.com Hello ylmf-pc [38.132.124.165]
250 STARTTLS
INF   Nov 23 22:39:52 [0xc003852e]: Request: 'AUTH LOGIN'
INF   Nov 23 22:39:52 [0xc003852e]: Response: 502 Command not implemented
MSG   Nov 23 22:39:53 [0xb000066c]: Connection failed to '78.129.240.114:25'
INF   Nov 23 22:39:53 [0xb000066c]: NFY: Mail sending is failed 25 times
MSG   Nov 23 22:39:53 [0xb000066c]: S='' R='JustinRobinson@rescue.bland.stream' subject='Delivery Failure Notification' Size='7145' Status='Destination Unreachable.'
MSG   Nov 23 22:39:53 [0xb000066b]: Connection failed to '78.129.240.114:25'
INF   Nov 23 22:39:53 [0xb000066b]: NFY: Mail sending is failed 25 times
MSG   Nov 23 22:39:53 [0xb000066b]: S='' R='JustinRobinson@rescue.bland.stream' subject='Delivery Failure Notification' Size='7151' Status='Destination Unreachable.'
MSG   Nov 23 22:39:53 [0xb0000431]: Connection failed to '202.179.0.188:25'
INF   Nov 23 22:39:53 [0xb0000431]: NFY: Mail sending is failed 184 times
MSG   Nov 23 22:39:53 [0xb0000431]: S='' R='Irinactlkf@mng.net' subject='Delivery Failure Notification' Size='1442' Status='Destination Unreachable.'
MSG   Nov 23 22:39:54 [T_ACCEPTOR]: Firewall Info: [client fd: 438 fwid: 2 connid: -748314208 uid: 0 gid: 0 sport: 13538 ]
MSG   Nov 23 22:39:54 [0x2005a03a]: New SMTP Session Initialized 38.132.124.165:57908 ==> 0.0.0.0:25
INF   Nov 23 22:39:54 [0x2005a03a]: init_cache_node: mail transaction started with UID=0xc003852f
INF   Nov 23 22:39:54 [0xc003852f]: Response: 220 mail.h*****l.com ESMTP ready
INF   Nov 23 22:39:54 [0xc003852f]: Request: 'EHLO ylmf-pc'
INF   Nov 23 22:39:54 [0xc003852f]: Response: 250-mail.h******l.com Hello ylmf-pc [38.132.124.165]
250 STARTTLS
INF   Nov 23 22:39:54 [0xc003852f]: Request: 'AUTH LOGIN'
INF   Nov 23 22:39:54 [0xc003852f]: Response: 502 Command not implemented
MSG   Nov 23 22:39:55 [T_ACCEPTOR]: Firewall Info: [client fd: 445 fwid: 2 connid: 314784256 uid: 0 gid: 0 sport: 4493 ]
250 STARTTLS
INF   Nov 23 22:39:55 [0xc0038530]: Request: 'STARTTLS'
INF   Nov 23 22:39:55 [0xc0038530]: Response: 220 Ready to start TLS
INF   Nov 23 22:39:55 [0xc0038530]: h-ver '0' , chel-ver '0'
INF   Nov 23 22:39:55 [0xc0038530]: valid client hello
INF   Nov 23 22:39:55 [0xc0038530]: h-ver '3' , chel-ver '3'
INF   Nov 23 22:39:55 [0xc0038530]: initializing ssl session with ss client ctx
INF   Nov 23 22:39:55 [0xc0038530]: SSL_accept() failed: error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol
INF   Nov 23 22:39:56 [0xb0000510]: Processing session '2005a03c'
INF   Nov 23 22:39:56 [0xb0000510]: forwarder_loop() Forwarder session inited. Retry #135
INF   Nov 23 22:39:56 [T___WORKER]: header[0] = 'From: mailer-daemon@mail.h******l.com
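
Added example, not part of the original post and not vendor code: a log triage script that ties each `EHLO`/`AUTH` request back to its client IP by following the session id to the transaction UID, as the excerpt above does, and lists block candidates. The function names, the `max_auth` threshold and the sample lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the same format as the excerpt above (documentation IPs).
SAMPLE_LOG = """\
MSG   Nov 23 22:39:52 [0x2005a039]: New SMTP Session Initialized 203.0.113.7:51108 ==> 0.0.0.0:25
INF   Nov 23 22:39:52 [0x2005a039]: init_cache_node: mail transaction started with UID=0xc003852e
INF   Nov 23 22:39:52 [0xc003852e]: Request: 'EHLO ylmf-pc'
INF   Nov 23 22:39:52 [0xc003852e]: Request: 'AUTH LOGIN'
MSG   Nov 23 22:39:54 [0x2005a03a]: New SMTP Session Initialized 203.0.113.7:57908 ==> 0.0.0.0:25
INF   Nov 23 22:39:54 [0x2005a03a]: init_cache_node: mail transaction started with UID=0xc003852f
INF   Nov 23 22:39:54 [0xc003852f]: Request: 'EHLO ylmf-pc'
INF   Nov 23 22:39:54 [0xc003852f]: Request: 'AUTH LOGIN'
MSG   Nov 23 22:39:55 [0x2005a03b]: New SMTP Session Initialized 198.51.100.20:40100 ==> 0.0.0.0:25
INF   Nov 23 22:39:55 [0x2005a03b]: init_cache_node: mail transaction started with UID=0xc0038530
INF   Nov 23 22:39:55 [0xc0038530]: Request: 'EHLO mx.example.org'
"""

LINE = re.compile(r"^\w+\s+\w{3} +\d+ [\d:]+ \[(?P<id>[^\]]+)\]: (?P<msg>.*)$")
NEW_SESSION = re.compile(r"New SMTP Session Initialized (\d+\.\d+\.\d+\.\d+):\d+ ==>")
UID = re.compile(r"mail transaction started with UID=(0x[0-9a-f]+)")
REQUEST = re.compile(r"Request: '(\w+) ?([^']*)'")
BAD_HELO = {"ylmf-pc"}  # HELO name reported in the post

def summarize(log_text):
    """Per client IP: session count, HELO names seen, AUTH attempts."""
    ip_of = {}  # session id or transaction UID -> client IP
    stats = defaultdict(lambda: {"sessions": 0, "helo": set(), "auth": 0})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines such as "250 STARTTLS"
        ident, msg = m["id"], m["msg"]
        if (s := NEW_SESSION.search(msg)):
            ip_of[ident] = s[1]
            stats[s[1]]["sessions"] += 1
        elif (u := UID.search(msg)) and ident in ip_of:
            ip_of[u[1]] = ip_of[ident]  # later lines are tagged with the UID
        elif (r := REQUEST.search(msg)) and ident in ip_of:
            verb, arg = r[1].upper(), r[2].strip().lower()
            if verb in ("EHLO", "HELO"):
                stats[ip_of[ident]]["helo"].add(arg)
            elif verb == "AUTH":
                stats[ip_of[ident]]["auth"] += 1
    return stats

def block_candidates(stats, max_auth=1):
    """IPs that used a listed HELO name or made more than max_auth AUTH attempts."""
    return sorted(ip for ip, e in stats.items() if e["helo"] & BAD_HELO or e["auth"] > max_auth)
```

Matching on the HELO name catches the sender across address rotations, which per-IP blocking alone does not.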

